We don't update this page anymore; it became somewhat of a Chinese menu for effects operations. Information is now available for JTRIG staff at [[l]il]



Understanding this page

Tools and techniques are developed by various teams within JTRIG. We like to let people know when we have something that we think we can use, but we also don't want to oversell our capability.

For this reason, each tool indicates its current status. We may put up experimental tools or ones that are still in development so you know what we are working on, and can approach JTRIG with any new ideas. But experimental tools by their nature will be unreliable; if you raise expectations or make external commitments before speaking to us, you will probably end up looking stupid.

Most of our tools are fully operational, tested and reliable. We will indicate when this is the case; however, there can be reasons why our tools won't work for some operational requirements (e.g. if it exploits a provider-specific vulnerability). There may also be legal restrictions.

So please come and speak to JTRIG operational staff early in your operational planning process. 



Current Priorities

Capability Development Priorities can be found by following the link below

■ CapDev Priorities (Discover)



Engineering

| Tool/System | Description | Status | Contacts |
|---|---|---|---|
| Cerberus Statistics Collection | Collects on-going usage information about how many users utilise JTRIG’s UIA capability, what sites are the most frequently visited etc. This is in order to provide JTRIG infrastructure and ITServices management information statistics. | OPERATIONAL | JTRIG Software Developers |
| JTRIG RADIANT SPLENDOUR | is a 'Data Diode' connecting the CERBERUS network with GCNET | OPERATIONAL | JTRIG Software Developers |
| ALLIUM ARCH | JTRIG UIA via the Tor network. | OPERATIONAL | JTRIG Infrastructure Team |
| ASTRAL PROJECTION | Remote GSM secure covert internet proxy using TOR hidden services. | OPERATIONAL | JTRIG Infrastructure Team |
| TWILIGHT ARROW | Remote GSM secure covert internet proxy using VPN services. | OPERATIONAL | JTRIG Infrastructure Team |
| SPICE ISLAND | JTRIG’s new Infrastructure. FOREST WARRIOR, FRUIT BOWL, JAZZ FUSION and other JTRIG systems will form part of the SPICE ISLAND infrastructure | DEV | JTRIG Infrastructure Team |
| POISON ARROW | Safe Malware download capability. | DESIGN | JTRIG Infrastructure Team |
| FRUIT BOWL | CERBERUS UIA Replacement and new tools infrastructure - Primary Domain for Generic User/Tools Access and TOR split into 3 sub-systems. | DESIGN | JTRIG Infrastructure Team |
| NUT ALLERGY | JTRIG Tor web browser - Sandbox IE replacement and FRUIT BOWL sub-system | PILOT | JTRIG Infrastructure Team |
| BERRY TWISTER | A sub-system of FRUIT BOWL | PILOT | JTRIG Infrastructure Team |
| BERRY TWISTER+ | A sub-system of FRUIT BOWL | PILOT | JTRIG Infrastructure Team |
| BRANDY SNAP | JTRIG UIA contingency at Scarborough. | IMPLEMENTATION | JTRIG Infrastructure Team |
| WIND FARM | R&D offsite facility. | DESIGN | JTRIG Infrastructure Team |
| CERBERUS | JTRIG’s legacy UIA desktop, soon to be replaced with FOREST WARRIOR. | OPERATIONAL | JTRIG Infrastructure Team |
| BOMBAYROLL | JTRIG’s legacy UIA standalone capability. | OPERATIONAL | JTRIG Infrastructure Team |
| JAZZ FUSION | BOMBAY ROLL Replacement which will also incorporate new collectors - Primary Domain for Dedicated Connections split into 3 sub-systems. | IMPLEMENTATION | JTRIG Infrastructure Team |
| COUNTRY FILE | A sub-system of JAZZ FUSION | OPERATIONAL | JTRIG Infrastructure Team |
| TECHNO VIKING | A sub-system of JAZZ FUSION | DESIGN | JTRIG Infrastructure Team |
| JAZZ FUSION+ | A sub-system of JAZZ FUSION | DESIGN | JTRIG Infrastructure Team |
| BUMBLEBEE DANCE | JTRIG Operational VM/TOR architecture | OPERATIONAL | JTRIG Infrastructure Team |
| AIR BAG | JTRIG Laptop capability for field operations. | OPERATIONAL | JTRIG Infrastructure Team |
| EXPOW | GCHQ's UIA capability provided by JTRIG. | OPERATIONAL | JTRIG Infrastructure Team |
| AXLE GREASE | The covert banking link for CPG | OPERATIONAL | JTRIG Infrastructure Team |
| POD RACE | JTRIG's MS update farm | DESIGN | JTRIG Infrastructure Team |
| WATCHTOWER | GCNET -> CERBERUS Export Gateway Interface System | OPERATIONAL | JTRIG Software Developers |
| REAPER | CERBERUS -> GCNET Import Gateway Interface System | OPERATIONAL | JTRIG Software Developers |
| DIALd | External Internet Redial and Monitor Daemon | OPERATIONAL | JTRIG Software Developers |
| FOREST WARRIOR | Desktop replacement for CERBERUS | DESIGN | JTRIG Infrastructure Team |
| DOG HANDLER | JTRIG’s development network | DESIGN | JTRIG Infrastructure Team |
| DIRTY DEVIL | JTRIG's research network | DESIGN | JTRIG Infrastructure Team |

Collection



Tool Description 

AIRWOLF YouTube profile, comment and video collection. 

ANCESTRY Tool for discovering the creation date of yahoo selectors. 

BEARTRAP Bulk retrieval of public BEBO profiles from member or group ID. 
BIRDSONG Automated posting of Twitter updates. 

BIRDSTRIKE Twitter monitoring and profile collection. Click here for the User Guide. 
BUGSY Google+ collection (circles, profiles etc.) 



DANCING BEAR obtains the locations of WiFi access points.

DEVILS HANDSHAKE ECI Data Technique.

DRAGON'S SNOUT Paltalk group chat collection.

EXCALIBUR acquires a Paltalk UID and/or email address from a Screen Name.



Status

Beta release.
Fully Operational.
Fully Operational.
Decommissioned. Replaced by SYLVESTER.
Fully Operational.
In early development.
Fully Operational.
[Tech Lead: ; Expert User: ]
Fully Operational.

Contacts

JTRIG Software Developers
JTRIG Software Developers
JTRIG Software Developers
JTRIG Software Developers
Tech Leads:
[Tech Lead: ; Expert User: ]





Beta release.
JTRIG Software Developers
Fully operational (against current Paltalk version)
[Tech Lead: ]

FATYAK Public data collection from LinkedIn.
In development



FUSEWIRE Provides 24/7 monitoring of vBulletin forums for target postings/online activity. Also allows staggered postings to be made.

GLASSBACK Technique of getting a target's IP address by pretending to be a spammer and ringing them. Target does not need to answer.

GODFATHER Public data collection from Facebook.

GOODFELLA Generic framework for public data collection from Online Social Networks.



JTRIG Software Developers
JTRIG Software Developers
Fully operational.
[Tech Lead: ]
Fully operational.
[Tech Lead: ]
In Development (Supports RenRen and Xing).



HACIENDA is a port scanning tool designed to scan an entire country or city. It uses GEOFUSION to identify IP locations. Banners and content are pulled back on certain ports. Content is put into the EARTHLING database, and all other scanned data is sent to GNE and is available through GLOBAL SURGE and Fleximart.
NAC HACIENDA Taskers
Fully operational.

ICE is an advanced IP harvesting technique.

INSPECTOR Tool for monitoring domain information and site availability.

LANDING PARTY Tool for auditing dissemination of VIKING PILLAGE data.

JTRIG Software Developers
JTRIG Software Developers
Fully Operational.
JTRIG Software Developers
Fully operational.






MINIATURE HERO Active skype capability. Provision of real time call records (SkypeOut and SkypetoSkype) and bidirectional instant messaging. Also contact lists.
JTRIG Software Developers

MOUTH Tool for collection for downloading a user's files from Archive.org.

MUSTANG provides covert access to the locations of GSM cell towers.
JTRIG Software Developers
[Tech Lead: ; Expert User: ]

PHOTON TORPEDO A technique to actively grab the IP address of an MSN messenger user.

RESERVOIR Facebook application allowing collection of various information.
JTRIG Software Developers

SEBACIUM An ICTR developed system to identify P2P file sharing activity of intelligence value. Logs are accessible via DIRTY RAT.

SILVER SPECTER Allows batch Nmap scanning over TOR

SODAWATER A tool for regularly downloading gmail messages and forwarding them onto CERBERUS mailboxes

SPRING BISHOP Find private photographs of targets on Facebook.

SYLVESTER Framework for automated interaction / alias management on online social networks.
[Tech Lead: ]
JTRIG Software Developers
JTRIG Software Developers
Tech Lead:

TANNER A technical programme allowing operators to log on to a JTRIG website to grab IP addresses of Internet Cafes.
JTRIG OSO

TRACER FIRE An Office Document that grabs the target's machine info, files, logs, etc and posts it back to GCHQ.
FIRE JTRIG

VIEWER A programme that (hopefully) provides advance tip off of the kidnapper's IP address for HMG personnel.

VIKING PILLAGE Distributed network for the automatic collection of encrypted/compressed data from remotely hosted JTRIG projects.

TOP HAT A version of the MUSTANG and DANCING BEAR techniques that allows us to pull back Cell Tower and WiFi locations targeted against particular areas.
[Tech Lead: ; Expert User: ]
PILLAGE JTRIG Software Developers
[Tech Lead: ]




Fully operational, but note usage restrictions.
Fully Operational.
Fully Operational.
Operational, but usage restrictions.
Fully operational, but note operational restrictions.
In Development
Fully Operational.
In Development.
Replaced by HAVOK.
In Development.
Operational, but awaiting field trial.
Operational
In development.






Effects Capability

JTRIG develop the majority of effects capability in GCHQ. A lot of this capability is developed on demand for specific operations and then further developed to provide weaponised capability.

Don't treat this like a catalogue. If you don't see it here, it doesn't mean we can't build it. If you involve the JTRIG operational teams at the start of your operation, you have more of a chance that we will build something for you.



For each of our tools we have indicated the state of the tool. We only advertise tools here that are either ready to fire or very close to being ready 
(operational requirements would re-prioritise our development). Once again, involve the JTRIG operational teams early. 



Tool Description Status Contacts



ANGRY PIRATE is a tool that will permanently disable a target's account on their computer.
Ready to fire (but see target restrictions).
[Tech Lead: ]

ARSON SAM is a tool to test the effect of certain types of PDU SMS messages on phones / network. It also includes PDU SMS Dumb Fuzz testing.
Ready to fire (Not against live targets, this is a R&D Tool).
[Tech Lead: ; Expert User: ]

BUMPERCAR+ is an automated system developed by JTRIG CITD to support JTRIG BUMPERCAR operations. BUMPERCAR operations are used to disrupt and deny Internet-based terror videos or other material. The technique employs the services provided by upload providers to report offensive materials.
Ready to fire
JTRIG Software Developers

In Development.
Ready to fire. JTRIG OSO
Ready to fire. JTRIG OSO
Ready to fire. JTRIG OSO

BOMB BAY is the capability to increase website hits/rankings.

BADGER mass delivery of email messaging to support an Information Operations campaign

BURLESQUE is the capability to send spoofed SMS text messages.

CANNONBALL is the capability to send repeated text messages to a single target.




CLEAN SWEEP Masquerade Facebook Wall Posts for individuals or entire countries
[Tech Lead: ; Expert User: ]
Ready to fire (SIGINT sources required)

CLUMSY BEEKEEPER Some work in progress to investigate IRC effects.

CHINESE FIRECRACKER Overt brute login attempts against online forums

CONCRETE DONKEY is the capability to scatter an audio message to a large number of telephones, or repeatedly bomb a target number with the same message.

DEER STALKER Ability to aid-geolocation of Sat Phones / GSM Phones via a silent calling to the phone.

GATEWAY Ability to artificially increase traffic to a website

GAMBIT Deployable pocket-sized proxy server

GESTATOR amplification of a given message, normally video, on popular multimedia websites (Youtube).

GLITTERBALL Online Gaming Capabilities for Sensitive Operations. Currently Second Life.

IMPERIAL BARGE For connecting two target phones together in a call.

PITBULL Capability, under development, enabling large scale delivery of a tailored message to users of Instant Messaging services.

POISONED DAGGER Effects against Gigatribe. Built by ICTR, deployed by JTRIG.



NOT READY TO FIRE.
Ready to fire. FIRECRACKER
In development.
Ready to fire.
Ready to fire.
In-development
[Tech Lead: ]
JTRIG OSO
JTRIG OSO
In development.
Tested.
[Tech Lead: ]
In development.





PREDATORS FACE Targeted Denial Of Service against Web Servers.

ROLLING THUNDER Distributed denial of service using P2P. Built by ICTR, deployed by JTRIG.

SCARLET EMPEROR Targeted denial of service against targets' phones via call bombing.

SCRAPHEAP CHALLENGE Perfect spoofing of emails from Blackberry targets.

SERPENTS TONGUE for fax message broadcasting to multiple numbers.

SILENT MOVIE Targeted denial of service against SSH services.

SILVERBLADE Reporting of extremist material on DAILYMOTION.

SILVERFOX List provided to industry of live extremist material files hosted on FFUs.

Tech Lead:
Tech Lead:
Ready to fire. JTRIG Software Developers
Ready to fire, but see constraints.
In redevelopment. [Tech Lead: ; Expert User: ]
Ready to fire.
Ready to fire.

SILVERLORD Disruption of video-based websites hosting extremist content through concerted target discovery and content removal.

SKYSCRAPER Production and dissemination of multimedia via the web in the course of information operations.

SLIPSTREAM Ability to inflate page views on websites

STEALTH MOOSE is a tool that will disrupt a target's Windows machine. Logs of how long and when the effect is active.

Ready to fire.
Ready to fire.
[Tech Lead: ; Expert User: ]
[Tech Lead: ; Expert User: ]



SUNBLOCK Ability to deny functionality to send/receive email or view material online.

SWAMP DONKEY is a tool that will silently locate all predefined types of file and encrypt them on a target's machine.

TORNADO ALLEY is a delivery method (Excel Spreadsheet) that can silently extract and run an executable on a target's machine.

UNDERPASS Change outcome of online polls (previously known as NUBILO)



Ready to fire. [Tech Lead: Section X; Expert Users: Language Team]
Ready to fire. JTRIG OSO
Ready to fire (but see target restrictions). [Tech Lead: ]
Tested, but operational limitations.
Expert User: ]
[Tech Lead: Section
Ready to fire (but see target restrictions).
Ready to fire (but see target restrictions).
In development. [Tech Lead: Section X; Expert User: ]



VIPERS TONGUE is a tool that will silently Denial of Service calls on a Satellite Phone or a GSM Phone.
Ready to fire (but see target restrictions).

WARPATH Mass delivery of SMS messages to support an Information Operations campaign
Ready to fire.




Work Flow Management

| Tool | Description | Contacts |
|---|---|---|
| HOME PORTAL | A central hub for all JTRIG Cerberus tools | JTRIG Software Developers |
| CYBER COMMAND CONSOLE | A centralised suite of tools, statistics and viewers for tracking current operations across the Cyber community. | JTRIG Software Developers |
| NAMEJACKER | A web service and admin console for the translation of usernames between networks. For use with gateways and other such technologies. | JTRIG Software Developers |







Analysis Tools

| Tool | Description | Contacts |
|---|---|---|
| BABYLON | is a tool that bulk queries web mail addresses and verifies whether they can be signed up for. A green tick indicates that the address is currently in use. Verification can currently be done for Hotmail and Yahoo. | JTRIG Software Developers |
| CRYOSTAT | is a JTRIG tool that runs against data held in NEWPIN. It then displays this data in a chart to show links between targets. | JTRIG Software Developers |
| ELATE | is a suite of tools for monitoring target use of the UK auction site eBay (www.ebay.co.uk). These tools are hosted on an Internet server, and results are retrieved by encrypted email. | JTRIG Software Developers |
| PRIMATE | is a JTRIG tool that aims to provide the capability to identify trends in seized computer media data and metadata. | JTRIG Software Developers |
| JEDI | JTRIG will shortly be rolling out a JEDI pod to every desk of every member of an Intelligence Production Team. The challenge is to scale up to over 1,200 users whilst remaining agile, efficient and responsive to customer needs. | [Tech Lead: ; Expert User: ] |



JILES is a JTRIG bespoke web browser

MIDDLEMAN is a distributed real-time event aggregation, tip-off and tasking platform utilised by JTRIG as a middleware layer.

OUTWARD is a collection of DNS lookup, WHOIS Lookup and other network tools

TANGLEFOOT is a bulk search tool which queries a set of online resources. This allows analysts to quickly check the online presence of a target.

[Tech Lead: ; Expert User: ]
JTRIG Software Developers
JTRIG Software Developers
JTRIG Software Developers

SLAMMER is a data index and repository that provides analysts with the ability to query data collected from the Internet from various JTRIG sources, such as EARTHLING, HACIENDA, web pages saved by analysts etc.
JTRIG Software Developers



Databases

| Tool | Description | Contacts |
|---|---|---|
| BYSTANDER | is a categorisation database accessed via web service. | JTRIG Software Developers |
| CONDUIT | is a database of C2C identifiers for Intelligence Community assets acting online, either under alias or in real name. | JTRIG Software Developers |
| NEWPIN | is a database of C2C identifiers obtained from a variety of unique sources, and a suite of tools for exploring this data. | JTRIG Software Developers |
| QUINCY | is an enterprise level suite of tools for the exploitation of seized media. | [Tech Lead: ; Expert Users: ] |



Forensic Exploitation

Tool Description Contacts

BEARSCRAPE can extract WiFi connection history (MAC and timing) when supplied with a copy of the registry structure or run on the box.

SFL The Sigint Forensics Laboratory was developed within NSA. It has been adapted by JTRIG as its email extraction and first-pass analysis of seized media solution.

Snoopy is a tool to extract mobile phone data from a copy of the phone's memory (usually supplied as an image file extracted through FTK).

MobileHoover is a tool to extract data from field forensics' reports created by Celldek, Cellebrite, XRY, Snoopy and USIM detective. These reports are transposed into a Newpin XML format to upload to Newpin.

Nevis is a tool developed by NTAC to search disk images for signs of possible Encryption products. CMA have further developed this tool to look for signs of Steganography.

[Tech Lead: ; Expert User: ]
[Tech Lead: ; Expert User: ]
[Tech Lead: ]
[Tech Lead: ]










Techniques

| Tool | Description | Contacts |
|---|---|---|
| CHANGELING | Ability to spoof any email address and send email under that identity | JTRIG OSO |
| HAVOK | Real-time website cloning technique allowing on-the-fly alterations | JTRIG OSO |
| MIRAGE | | JTRIG OSO |
| SHADOWCAT | End-to-End encrypted access to a VPS over SSH using the TOR network | JTRIG OSO |
| SPACE ROCKET | is a programme covering insertion of media into target networks. CRINKLE CUT is a tool developed by ICTR-CISA to enable JTRIG to track images as part of SPACE ROCKET. | [Tech Lead: ; Expert User: ] |
| RANA | is a system developed by ICTR-CISA providing CAPTCHA-solving via a web service on CERBERUS. This is intended for use by BUMPERCAR+ and possibly in future by SHORTFALL but anyone is welcome to use it. | [Tech Lead: ; Expert User: ] |
| LUMP | A system that finds the avatar name from a SecondLife AgentID | JTRIG Software Developers |
| GURKHAS SWORD | Beaconed Microsoft Office Documents to elicit a target's IP address. | JTRIG Software Developers |



Shaping and Honeypots

| Tool | Description | Contacts |
|---|---|---|
| DEADPOOL | URL shortening service | JTRIG OSO |
| HUSK | Secure one-to-one web based dead-drop messaging platform | JTRIG OSO |
| LONGSHOT | File-upload and sharing website | JTRIG OSO |
| MOLTEN-MAGMA | CGI HTTP Proxy with ability to log all traffic and perform HTTPS Man in the Middle. | JTRIG Software Developers |
| NIGHTCRAWLER | Public online group against dodgy websites | JTRIG OSO |
| PISTRIX | Image hosting and sharing website | JTRIG OSO |
| WURLITZER | Distribute a file to multiple file hosting websites. | |


